C++ Alliance takes aim at C++ memory safety

Concerns about C++ memory safety soon could be in the past. The C++ Alliance, a charity whose mission is to make the C++ language accessible and useful, is working to add memory safety features to C++, through its Safe C++ Extensions proposal.

Partnering with engineer Sean Baxter, the alliance describes its plan as a “revolutionary” proposal. “This collaboration marks a significant milestone in the C++ ecosystem, as the need for safe code has never been more pressing,” alliance president and director Vinnie Falco wrote in a September 12 blog post. “With the increasing importance of software security and reliability, developers are facing mounting pressure to adopt safer coding practices. The Safe C++ Extensions aim to address this critical need by introducing novel features that prevent common memory-related errors.”

C++ and the C language have been the target of criticism by the White House, which in February urged developers to stop using these languages over memory safety concerns. C++ founder Bjarne Stroustrup responded by defending the language. The Safe C++ Extensions proposal aims to turn the tide for C++. A key component of the plan is the Safe Standard Library, which would provide developers with memory-safe implementations of essential data structures and algorithms, according to Falco. The goal of the proposal is to advance a superset of C++ with a “rigorously safe subset,” the proposal states. C++ code in this safe context would exhibit the same strong safety guarantees as code written in Rust, it says.

The Safe C++ Extensions proposal contrasts ISO C++ with Safe C++. “In ISO C++, soundness bugs often occur because caller and callee don’t know who should enforce preconditions, so neither of them do. In Safe C++, there’s a convention backed up by the compiler, eliminating this confusion and improving software quality.”

In the introduction to the proposal, the C++ Alliance acknowledges issues with the language. “Much of the country’s critical infrastructure relies on software written in C and C++, languages which are very memory-unsafe, leaving these systems more vulnerable to exploits by adversaries.” However, Safe C++ developers would be prohibited from writing operations that may result in undefined behaviors that compromise lifetime safety, type safety, or thread safety.